Chalk implements SCIM in order to allow external
identity providers (IDPs) to automatically provision and
deprovision users as they are added and removed from
the external identity provider.
- IDP-initiated user provisioning
- IDP-initiated user deprovisioning
- IDP-managed group assignment
Configure Chalk to use Okta SAML
Configure the Okta Chalk SAML app to use SCIM for
Configure Okta SCIM
- Generate an SCIM authentication token in your Chalk
settings dashboard. This token is extremely sensitive
and care should be taken to ensure that it is not leaked.
You’ll use this token to configure Okta’s SCIM authentication.
- Navigate to your Okta admin dashboard.
- Edit your Chalk SAML app.
- Configure SCIM using:
- SCIM Connector base URL:
- Unique identifier field for users:
- Supported provisioning actions:
- Push New Users
- Push Profile Updates
- Push Groups
- Authentication Mode: “HTTP Header”, and set the Bearer header to the SCIM token you generated in your Chalk dashboard.
- Contact Chalk Support to enable SCIM on
your account, and set up the initial Okta Group to Chalk